Binary junk coming out of parsing index.php Binary junk coming out of parsing index.php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Binary junk coming out of parsing index.php

Started by JMelhuish, September 24, 2004, 06:38:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

JMelhuish

I have installed Coppermine 1.3.2 sucessfully, and it almost works.  My setup:

Redhat Linux 9
Apache 2.0.40
PHP 4.3.4
MySQL Ver 12.22 Distrib 4.0.20, for pc-linux (i686)

I installed OK, got the administrator login page, logged in successfully, but when going to the home (index.php) page, all I got was binary garbage, some of which is in the picture below.

(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fmelhuish.org%2Fbinary_junk.png&hash=cda98a302c52802731dbfe0276cbeb97e4365ca2)

I can successfully open the login page, Last uploads, Admin mode, etc. but anytime I try Album list (index.php) or My gallery (index.php?...), I get the garbage.  The file "index.php" appears to be correct, i.e. it shows PHP code in text format.  The permissions on index.php are 666 (-rw-rw-rw-) and changing to 777 doesn't help.

I have left all the file permissions as they appear, although it seems strange to give "world" write permission on all files...  Almost all files are 666 (-rw-rw-rw- ) while directories are all 777 drwxrwxrwx
I did try chmoding files and directories to -rw-rw-r-- initially, but got the binary junk output in index.php

I have deleted the database and reinstalled cpg1.3.2 three times now; same result each time.

Any ideas?  Thanks.

James

kegobeer

Create another directory and make a file called index.php with this info:

<?php
echo 'Hello there.<br />';
$test = 'My name is';
echo 'This is testing: ' . $text . '<br />';
?>

Do you get garbage out of that, too?

And from what I've been able to find, the problem appears to be a slight bug in Apache2.  Have you tried upgrading to the latest release?  Have you also checked your Apache configuration file and put index.php in the DirectoryIndex entry?
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Tarique Sani

@kegobeer - which Apache2 bug are you refering to? any URL - several people have reported this problem
SANIsoft PHP applications for E Biz

kegobeer

I got my info from reading the bugs mailing list at php.net.  No url was given.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Tarique Sani

@kegobeer - thanks for the pointer - will investigate further
SANIsoft PHP applications for E Biz

JMelhuish

Quote from: kegobeer on September 24, 2004, 06:49:26 PM
Do you get garbage out of that, too?

No, I did not get garbage.  I got :

Hello there.
This is testing:

That's all, did not get the "My name is" text.
I should mention that I am using PHP/MySQL/Apache successfullly in three other applications : tikiwiki, (http://tikiwiki.org), PunBB (http://punbb.org), and Gallery (http://gallery.menalto.com/)  but was looking into Coppermine because of integration with PunBB (which I am moving to).

Quote from: kegobeer
And from what I've been able to find, the problem appears to be a slight bug in Apache2.  Have you tried upgrading to the latest release?  Have you also checked your Apache configuration file and put index.php in the DirectoryIndex entry?

No, No, and No.  I am not fully in control of the Apache version as I am renting a virtual private server.  I  haven't looked at the Apache config file (don't know what to look for anyway) nor have I put index.php in the DirectoryIndex entry (don't even know what that is).  Of course, I have several different index.php files in different directories, but maybe that is what the DirectoryIndex is for?

James

kegobeer

Hmm, I'm at a loss as to what would cause this on only a few machines but not all.  It almost certainly looks like a server configuration issue, but exactly what needs to be tweaked is a mystery.  Try changing your theme to see what happens.  Also, go into index.php and look at the last line.  If there's anything after it, delete it.  If there are any spaces before the ?>, delete them.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Nibbler

Just like to point out you used $test and $text there, so you did get the expected result from the script.

kegobeer

Thanks, I didn't notice that typo.  I don't think it matters though - I doubt the problem is with the variables.  Might be something inside index.php itself, like spaces or weird characters or a problem with the layout of the file.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

JMelhuish

I have installed and tested every version of coppermine, most of them output binary junk from index.php, however coppermine 1.0RC3 and 1.1.0 are OK.

The changeover occurs from cpg1.1.0 to cpg1.1.1

I hope that this points out what might be the problem.  If I can be a beta tester or problem-solver for this case, let me know...

James

kegobeer

QuoteAlso, go into index.php and look at the last line.  If there's anything after it, delete it.  If there are any spaces before the ?>, delete them.

Did you try this?
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

kegobeer

Also, check your server logs to see if there are any errors that stand out or catch your attention.  Can you also post a link/show the output from a phpinfo script?
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

JMelhuish

Quote from: kegobeer on September 30, 2004, 02:56:09 AM
QuoteAlso, go into index.php and look at the last line.  If there's anything after it, delete it.  If there are any spaces before the ?>, delete them.

Did you try this?

Yes I did for 1.3.2  but not for the earlier versions.

I'll look into the server stuff tomorrow.
James

Tranz

I dunno... but do you have anything in .htaccess file that could be messing up the parsing?

JMelhuish

Quote from: kegobeer on September 30, 2004, 03:03:14 AM
Also, check your server logs to see if there are any errors that stand out or catch your attention.  Can you also post a link/show the output from a phpinfo script?

Here is a link to the php_info (as an html file) : I hope nothing is sensitive, i.e. undesirables get hold of it for nefarious purposes!

http://melhuish.org/php_info.html

I am not sure exactly what the .htaccess file does.  I have several of them, one associated with PunBB, three from a PHP photo album program called "Gallery".  I don't see one for Coppermine.

Here is .htaccess for PunBB
<Limit GET POST PUT>
Order Allow,Deny
Deny from All
</Limit>


Here is the contents of the Gallery .htaccess in /gallery/
# BEGIN Gallery section
# (Automatically generated.  Do not edit this section)
# Note: still under development, so format may change.
# If you edit this file, make a backup before runnng the Config. Wizard.


php_value post_max_size 20971520
php_value upload_max_filesize 20971520
php_value magic_quotes_gpc off
php_value session.save_handler files

<IfModule sapi_apache2.c>
php_value session.bug_compat_warn off
</IfModule>

<IfModule mod_php4.c>
php_flag session.bug_compat_warn off
</IfModule>

Options -Indexes +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /gallery/

RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\.\?/]+)/([0-9]+)$      /gallery/view_photo.php?set_albumName=$1&index=$2       [QSA]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\.\?/]+)/([A-Za-z_0-9\-]+)$     /gallery/view_photo.php?set_albumName=$1&id=$2  [QSA]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\.\?/]+)/$      /gallery/$1     [R]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\.\?/]+)$       /gallery/view_album.php?set_albumName=$1        [QSA]
</IfModule>
# END Gallery section.  Add User changes below this line

Here is the contents of the Gallery .htaccess in /albums/.users/
Order deny,allow
Deny from all

Some other questions:
1)
The Coppermine setup instructions do not tell you what GRANT permissions the MySQL user requires.  I set up the database and used the same GRANT permissions that I use for tikiwiki :

mysql> grant SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER on cpg132.* to 'username'@'localhost' identified by 'password';

2)
What ARE the file permissions supposed to be for coppermine files?  They are all marked "write" by world, is this correct?

3)
I do want to integrate Coppermine with PunBB.  Would the early version of Coppermine that actually works (1.1.0) be able to integrate with PunBB?  Are there known security issues with cpg 1.1.0 ?

Thanks all!
James

Nibbler

Try removing/renaming the .htaccess file and see if it makes any difference. I don't have a 1.1.0 installed, but I would be very suprised if you can get the bridge to work with it without a lot of modifications. You can run coppermine routinely with restricted SQL perms, probably just SELECT, UPDATE, INSERT, DELETE but be aware the update.php needs extra perms like ALTER and CREATE.

JMelhuish

Quote from: Nibbler on September 30, 2004, 07:18:17 PM
Try removing/renaming the .htaccess file and see if it makes any difference

I renamed all the .htaccess files for the other programs (gallery and PunBB); there does not appear to be any .htaccess file related to coppermine.  Still no change ; binary junk from index.php

James

JMelhuish

I would still like to get Coppermine working on my server.  I have a suggestion and a request:

If a Coppermine developer would like to work with me, I could try to debug the problem on my server.  One way that might work is for someone to supply me with a set of index.php files, each one with some kind of reduced functionality (things commented out) in order to see which part of index.php is breaking PHP/Apache.

Is this a workable idea?  Thanks.

James

JMelhuish

I would still love to use Coppermine, especially if I can integrate it with PunBB which will soon be running my forums.  But it is impossible to use because of the problem parsing/outputting the index.php page (binary junk out) in Apache 2.0.

Is there going to be any debugging for this problem?
Can the developers provide me with some version that has simplified/modified install.php page to try and find where the problem lies?  [ Though I am not a PHP developer myself... ]

Does anyone have recommendations for alternative Image Gallery programs that will run on Apache 2.0 ? (running Redhat 9, PHP 4.3.6, MySQL 4.1.7)

I considered/am considering Gallery, but Gallery 1.x is not database-based, and 2.0 is still in Alpha.  Any other suggestions?  Thanks.

James

Joachim Müller

1) (menalto) gallery 1.x is database driven afaik
2) Coppermine does work on apache 2 webservers when the webserver is properly configured
3) What do you mean by "simplified install page"? What do you expect us to remove from it?
4) What "other" posting are you refering to?

Joachim